Security and Cryptography: basic aspects. Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee. Outline. What is network security? Principles of Cryptography Authentication Integrity. What is network security?.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Security and Cryptography: basic aspects
Ortal Arazi
College of Engineering
Dept. of Electrical & Computer Engineering
The University of Tennessee
Alice
Bob
data, control messages
channel
secure
sender
secure
receiver
data
data
Trudy
Q: What can a “bad guy” do?
A: a lot!
more on this later ……
K
K
A
B
Alice’s
encryption
key
Bob’s
decryption
key
encryption
algorithm
decryption
algorithm
ciphertext
plaintext
plaintext
Symmetric key crypto: Bob and Alice share know same (symmetric) key: K
Substitution cipher: substituting one thing for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
 brute force (how hard?)
 other?
DES: Data Encryption Standard
DES operation –
Substitution and Permutation
Initial permutation
16 identical “rounds” of function application, each using different 48 bits of key
Final permutation
Symmetric key crypto
Public key cryptography
W. Diffie and M.E. Hellman's New Directions in Cryptography from IEEE transactions on Information Theory, IT 22:644654, 1976.
a,p: known numbers
(p  prime number)
A
B
(Y  private key)
(X  private key)
ay mod p
aX mod p
[ay mod p]x mod p = aXY mod p = [ax mod p]y mod p
Why use ECC?
Calculations take less time, less memory and less hardware
P a known point on the elliptic curve
A
B
X private key
(scalar)
y private key
(scalar)
X x P
Y x P
(Y x P) x X= XY x P = (X x P) x Y
The discreet Log problem: by knowing X x P and P, one can not know x
In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation :
Example:
K (K (m)) = m
B
B

+
2
1
+
K (m)
B

+
m = K (K (m))
B
B
+
Bob’s public
key
K
B

Bob’s private
key
K
B
encryption
algorithm
decryption
algorithm
plaintext
message
plaintext
message, m
ciphertext
Requirements:
Given a public key it should be impossible to compute the private key
+
Bob’s public
key
K
B

Bob’s private
key
K
B
RSA
f(x)
RSA
f1(x)
plaintext
message
plaintext
message, m
ciphertext
f(m)
m=f1(f(m))
Algorithm using
a public key
Algorithm using
a private key
+

K
K
B
B
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p1)(q1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed1 is exactly divisible by z.
(in other words: ed mod z = 1).
5.Public key is (n,e).Private key is (n,d).
d
m = c mod n
e
(i.e., remainder when m is divided by n)
d
e
m = (m mod n)
mod n
Given (n,e) and (n,d) as computed above:
1. To encrypt bit pattern, m (m<n), compute
e
c = m mod n
2. To decrypt received bit pattern, c, compute
d
(i.e., remainder when c is divided by n)
Magic
happens!
c
e
d
ed
(m mod n)
mod n = m mod n
ed mod (p1)(q1)
1
= m mod n
= m (since m<n)
= m mod n
C – the encrypted message
y
y mod (p1)(q1)
d
e
x mod n = x mod n
(Fermat's Small Equation)
m = (m mod n)
mod n
Useful number theory result: If p,q prime and
n = pq, then:
(using number theory result above)
(since we choseed to be divisible by
(p1)(q1) with remainder 1 )

K (R)
A
+
+
K
K
A
A


+
(K (R)) = R
K
(K (R)) = R
A
A
A
“I am Alice”
Bob computes
R
and knows only Alice could have the private key, that encrypted R such that
“send me your public key”
Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)


K (R)
K (R)
A
T
+
+
K
K
A
T


+
+
m = K (K (m))
m = K (K (m))
+
+
A
T
A
T
K (m)
K (m)
A
T
I am Alice
I am Alice
R
R
Send me your public key
Send me your public key
Trudy gets
sends m to Alice encrypted with Alice’s public key
+
+
digital
signature
(encrypt)
K
K
B
B
K
CA
Bob’s
public
key
CA
private
key
certificate for Bob’s public key, signed by CA

Bob’s
identifying information
+
+
digital
signature
(decrypt)
K
K
B
B
K
CA
Bob’s
public
key
CA
public
key
+
Questions?